I am using the below query to pull the information from logstash:
curl -XGET 'http://logs:xx00/_all/_search?pretty=true' -d '{
  "query": {
    "bool": {
      "must": [
        { "match": { "_type": "pre" } },
        { "match": { "message": "MapDone" } },
        { "range": { "@timestamp": { "gte": "now-5m" } } }
      ]
    }
  }
}'
Output:
{
  "took" : 177,
  "timed_out" : false,
  "_shards" : { "total" : 3225, "successful" : 3225, "failed" : 0 },
  "hits" : {
    "total" : 1238,
    "max_score" : 4.3801584,
    "hits" : [ {
      "_index" : "fi-logstash-2015.01.21",
      "_type" : "fi",
      "_id" : "CORYzNPHnnQeu09A",
      "_score" : 4.3801584,
      "_source":{"thread_name":"main","message":"[MapDone]\tstandards.po.poRsxWrite in 169ms","@timestamp":"2015-01-21T14:48:59.835+00:00","level":"INFO","mdc":{},"file":"fi-1-small-log.json","class":"fi.log.MapLogHandler","line_number":"21","logger_name":"fi.Mapper","method":"info","@version":1,"source_host":"fi.pp","host":"prefi2","offset":"185244882","type":"prefi","tags":["instance"],"syslog_severity_code":5,"syslog_facility_code":1,"syslog_facility":"user-level","syslog_severity":"notice"}
}
The above is only a part of the output. I am trying to get only the map name
as output. When I try, I am getting errors.
Different sample maps:
  formats.pure.qm.fromSIP.toCSV.write in 24ms
  H044Grain.hub.asn.from.advanceShipNoticeWrite in 188ms
  H9B1honey.hub.po.fromFEDSto.purchaseOrder in 416ms
  HAEPrugs.hub.rsx.v7.r0.po.poFedsWrite in 231ms
  H4Grain2.hub.in.fromtoAPP.invoiceWrite in 110ms
  H2Home.v700.e4060.co.in.inFedsWrite in 108ms
I am trying to get:
1 - only mapping names ( H4Grain2.hub.in.from.invoiceWrite )
2 - unique mappings ( something like applying | uniq to the previous o/p )
3 - average of the last 1 minute's mappings
Can anybody help check if this is possible? Thanks a ton in advance.
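An added example, not from the original post, of the three post-processing steps asked for above: it reads the _source documents that the curl output returns under hits.hits, pulls the mapping name and duration out of each "[MapDone]" message, lists the names, de-duplicates them, and averages the durations of the last minute. The sample hits and the reference clock are constructed from the messages shown in the post, and reading "average of the last 1 minute's mappings" as the average duration in ms is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample hits shaped like the _source documents in the curl output above;
# real input would be resp["hits"]["hits"][i]["_source"] from the JSON response.
SAMPLE_HITS = [
    {"message": "[MapDone]\tstandards.po.poRsxWrite in 169ms",
     "@timestamp": "2015-01-21T14:48:59.835+00:00"},
    {"message": "[MapDone]\tH4Grain2.hub.in.fromtoAPP.invoiceWrite in 110ms",
     "@timestamp": "2015-01-21T14:48:30.000+00:00"},
    {"message": "[MapDone]\tstandards.po.poRsxWrite in 231ms",
     "@timestamp": "2015-01-21T14:47:10.000+00:00"},  # older than one minute
    {"message": "Starting mapper",
     "@timestamp": "2015-01-21T14:48:50.000+00:00"},  # not a MapDone line: ignored
]

# Constructed reference clock (the query's "now"), fixed so the results are reproducible.
NOW = datetime(2015, 1, 21, 14, 49, 0, tzinfo=timezone.utc)

# "[MapDone]<tab>mapping.name in 123ms" -> the mapping name and the duration in ms
MAP_DONE = re.compile(r"\[MapDone\]\s+(?P<name>\S+)\s+in\s+(?P<ms>\d+)ms")


def parse_map_done(message):
    """Return (mapping name, duration in ms), or None if this is not a MapDone message."""
    m = MAP_DONE.search(message)
    return (m.group("name"), int(m.group("ms"))) if m else None


def mapping_names(hits):
    """1 - only the mapping names, in hit order."""
    return [p[0] for p in (parse_map_done(h["message"]) for h in hits) if p]


def unique_mappings(hits):
    """2 - de-duplicated mapping names (the effect of piping the names through sort | uniq)."""
    return sorted(set(mapping_names(hits)))


def average_last_minute(hits, now=NOW):
    """3 - average MapDone duration (ms) over hits timestamped in the minute before `now`.
    Returns None when no MapDone hit falls inside that window."""
    cutoff = now - timedelta(minutes=1)
    durations = []
    for h in hits:
        parsed = parse_map_done(h["message"])
        if parsed and datetime.fromisoformat(h["@timestamp"]) >= cutoff:
            durations.append(parsed[1])
    return sum(durations) / len(durations) if durations else None


if __name__ == "__main__":
    print(mapping_names(SAMPLE_HITS))        # every mapping name, in order
    print(unique_mappings(SAMPLE_HITS))      # de-duplicated names
    print(average_last_minute(SAMPLE_HITS))  # 139.5
```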
--
View this message in context:
http://elasticsearch-users.115913.n3.nabble.com/not-able-to-refine-from-o-p-of-query-in-logstash-tp4069573.html
Sent from the ElasticSearch Users mailing list archive at Nabble.com.